| |||||||||||||
Red Hat alert RHSA-2004:260-01 (kernel)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated kernel packages fix security vulnerabilities Advisory ID: RHSA-2004:260-01 Issue date: 2004-06-18 Updated on: 2004-06-18 Product: Red Hat Enterprise Linux Keywords: Cross references: Obsoletes: RHSA-2004:188 CVE Names: CAN-2004-0495 CAN-2004-0554 - --------------------------------------------------------------------- 1. Topic: Updated kernel packages for Red Hat Enterprise Linux 2.1 that fix security vulnerabilities are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - athlon, i386, i686 Red Hat Enterprise Linux ES version 2.1 - athlon, i386, i686 Red Hat Enterprise Linux WS version 2.1 - athlon, i386, i686 3. Problem description: The Linux kernel handles the basic functions of the operating system. A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and x86_64 that allowed local users to cause a denial of service (system crash) by triggering a signal handler with a certain sequence of fsave and frstor instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0554 to this issue. Enhancements were committed to the 2.6 kernel by Al Viro which enabled the Sparse source code checking tool to check for a certain class of kernel bugs. A subset of these fixes also applies to various drivers in the 2.4 kernel. These flaws could lead to privilege escalation or access to kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0495 to these issues. All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. These packages contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website: https://rhn.redhat.com/help/latest-up2date.pxt 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 126122 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel 126031 - CAN-2004-0554 local user can get the kernel to hang 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm athlon: Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm i686: Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-enterprise-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-summit-2.4.9-e.41.i686.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm athlon: Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm i686: Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm athlon: Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm i386: Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm i686: Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-enterprise-2.4.9-e.41.i686.rpm Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm 7. Verification: MD5 sum Package Name - -------------------------------------------------------------------------- e8a6f83bc24e92297315f751559a251a kernel-2.4.9-e.41.athlon.rpm 3e0d87495a7c6b7bef7e02f55ef6d24a kernel-2.4.9-e.41.i686.rpm 3958537aa5fd88aebb95864351f824c8 kernel-2.4.9-e.41.src.rpm fdf9aa6832ac6faeb301988d98e7a31b kernel-BOOT-2.4.9-e.41.i386.rpm 8aa5eb290f69829b5284c90705b6061f kernel-debug-2.4.9-e.41.i686.rpm 4af5cd44eb2fa282c0d743927478738c kernel-doc-2.4.9-e.41.i386.rpm 703fec744138ab5ca5118e266e5b75f1 kernel-enterprise-2.4.9-e.41.i686.rpm 55f2acc05244bf82043d85920aeab3e4 kernel-headers-2.4.9-e.41.i386.rpm 04ab73b3bca23210c7643a74a7602b49 kernel-smp-2.4.9-e.41.athlon.rpm b2186df6f7d6c688a30365a17dc9a4b4 kernel-smp-2.4.9-e.41.i686.rpm e6b5c0f91e0808d6c1ba5de86b600c17 kernel-source-2.4.9-e.41.i386.rpm e05538bec3d7e58542c34f222890facf kernel-summit-2.4.9-e.41.i686.rpm These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/team/key.html You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFA012sXlSAg2UNWIIRApqaAJ9Nuz1XLmQCLCw1ieJIqA7dXpEZngCfSUGf kKnzkP/NlgcdhMGvZQK682k= =k/N4 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list (Log in to post comments)
|
|||||||||||||